netbt.pdb
Static task
static1
General
Target: 0eda755d010d94f78db874a30d3d7de9_JaffaCakes118
Size: 181KB
MD5: 0eda755d010d94f78db874a30d3d7de9
SHA1: 12b0f8dada886ea315ed7c5abac09ae029292e63
SHA256: c92dcc1821635aa3f2c14b84a14ffc929286475e04bcba1b0d5be03c5226ee9c
SHA512: d9b567334f3e31323d1a97f67daf9c5e8067e437d5cd73604286637a5c397cb3b54869c409e53e83b18ab20dda98bc8fc71d2a66d21f308b641af10b1c4f7d1e
SSDEEP: 3072:fFClE0Ph4b3sFkb2U9oOQqb9IcFsN+msn8REcitf0+R3TKEUr1eR:NClEcWb3sGb2wQq18REztfDRDEB
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 0eda755d010d94f78db874a30d3d7de9_JaffaCakes118
Files
0eda755d010d94f78db874a30d3d7de9_JaffaCakes118.sys windows:6 windows x86 arch:x86
6e3af75e02479939ca8c95803af0a864
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
ntoskrnl.exe
RtlFreeOemString
RtlUpcaseUnicodeStringToOemString
RtlAnsiStringToUnicodeString
RtlUnicodeStringToAnsiString
RtlOemStringToUnicodeString
RtlInitString
MmMapLockedPagesSpecifyCache
RtlAppendStringToString
RtlInitAnsiString
strchr
ExDeleteNPagedLookasideList
InterlockedPopEntrySList
InterlockedPushEntrySList
ExInitializeNPagedLookasideList
KeCancelTimer
ZwClose
ZwCancelTimer
ZwSetTimer
ZwCreateTimer
_aulldiv
_allmul
IofCallDriver
IoBuildDeviceIoControlRequest
ObfReferenceObject
IoGetDeviceObjectPointer
RtlInitUnicodeString
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
KeSetTimer
KeInitializeDpc
KeInitializeTimer
IoWMIWriteEvent
MmGetSystemRoutineAddress
IoWMIRegistrationControl
IoDeleteDevice
KeDelayExecutionThread
KeClearEvent
ExDeleteResourceLite
IoGetRelatedDeviceObject
RtlCopyUnicodeString
memchr
ZwReadFile
ZwQueryInformationFile
KeEnterCriticalRegion
ZwCreateFile
IoRemoveShareAccess
IofCompleteRequest
IoSetShareAccess
IoCheckShareAccess
SeAccessCheck
ObReferenceObjectByHandle
NtWaitForSingleObject
ZwDeviceIoControlFile
ZwCreateEvent
ZwCreateKey
ExfInterlockedPushEntryList
ExQueueWorkItem
IoFreeWorkItem
IoCancelIrp
IoFileObjectType
MmUserProbeAddress
IoQueueWorkItem
IoAllocateWorkItem
KeInsertQueueDpc
RtlCompareUnicodeString
_vsnprintf
RtlExtendedMagicDivide
MmBuildMdlForNonPagedPool
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
RtlGUIDFromString
RtlIpv4AddressToStringW
RtlAppendUnicodeToString
ZwOpenKey
ZwQueryValueKey
memmove
IoBuildPartialMdl
MmUnmapLockedPages
MmLockPagableDataSection
KeTickCount
KeBugCheckEx
RtlUnwind
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
KeLeaveCriticalRegion
strncmp
memset
memcpy
IoFreeIrp
IoAllocateIrp
RtlIpv4StringToAddressA
SeDeassignSecurity
_alldiv
RtlGetCallersAddress
RtlExtendedLargeIntegerDivide
KeInitializeSemaphore
IoAllocateMdl
ExfInterlockedInsertHeadList
PsGetCurrentProcess
KeAttachProcess
KeDetachProcess
ExfInterlockedInsertTailList
ObfDereferenceObject
IoFreeMdl
KeWaitForSingleObject
KeResetEvent
KeSetEvent
_stricmp
KeGetCurrentThread
ExSystemTimeToLocalTime
KeInitializeEvent
strrchr
ExInitializeResourceLite
RtlGetVersion
RtlCompareMemory
KeQuerySystemTime
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
IoAcquireCancelSpinLock
SeAssignSecurity
IoReleaseCancelSpinLock
ExAllocatePoolWithTag
RtlFreeUnicodeString
ExFreePoolWithTag
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
_wcsnicmp
RtlAddAccessAllowedAce
RtlLengthSid
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwSetValueKey
hal
KfAcquireSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql
KfReleaseSpinLock
tdi.sys
TdiEnumerateAddresses
TdiPnPPowerComplete
TdiDeregisterNetAddress
TdiDeregisterDeviceObject
TdiRegisterDeviceObject
TdiRegisterNetAddress
TdiProviderReady
TdiInitialize
TdiRegisterProvider
TdiRegisterPnPHandlers
TdiMapUserRequest
TdiDeregisterPnPHandlers
TdiDeregisterProvider
TdiDefaultRcvExpeditedHandler
TdiDefaultConnectHandler
TdiDefaultDisconnectHandler
TdiDefaultErrorHandler
TdiDefaultReceiveHandler
TdiDefaultSendPossibleHandler
TdiCopyMdlToBuffer
TdiCopyBufferToMdl
TdiDefaultRcvDatagramHandler
TdiBuildNetbiosAddress
TdiPnPPowerRequest
netio.sys
NsiRegisterChangeNotification
NsiGetParameter
NsiAllocateAndGetTable
NsiFreeTable
NsiSetAllParameters
NsiGetAllParameters
NsiDeregisterChangeNotification
ndis.sys
NdisGetThreadObjectCompartmentId
NdisSetThreadObjectCompartmentId
Sections
.text Size: 121KB - Virtual size: 120KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE Size: 36KB - Virtual size: 35KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGENBT Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ